diff options
author | kali kaneko (leap communications) <kali@leap.se> | 2020-08-11 22:38:13 +0200 |
---|---|---|
committer | kali kaneko (leap communications) <kali@leap.se> | 2020-08-11 22:38:13 +0200 |
commit | 5ba62c56b2a94b9f5ae06b150713f84d5a3144fa (patch) | |
tree | 5f572c3a06dbd91a144efb63a4dba55535fdd65a /pkg | |
parent | 33b9ba9abadb8cea8f5840bb11fb9de489b120e3 (diff) |
[refactor] simplify, make port optional
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/backend/api.go | 9 | ||||
-rw-r--r-- | pkg/backend/webapi.go | 47 | ||||
-rw-r--r-- | pkg/bitmask/auth.go | 5 |
3 files changed, 29 insertions, 32 deletions
diff --git a/pkg/backend/api.go b/pkg/backend/api.go index f63962c..0cab17f 100644 --- a/pkg/backend/api.go +++ b/pkg/backend/api.go @@ -6,6 +6,7 @@ import ( "C" "fmt" "log" + "strconv" "unsafe" "0xacab.org/leap/bitmask-vpn/pkg/bitmask" @@ -76,8 +77,12 @@ func EnableMockBackend() { go enableMockBackend() } -func EnableWebAPI() { - go enableWebAPI() +func EnableWebAPI(port string) { + intPort, err := strconv.Atoi(port) + if err != nil { + log.Fatal("Cannot parse port", port) + } + go enableWebAPI(intPort) } /* these two are a bit redundant since we already add them to ctx. however, we diff --git a/pkg/backend/webapi.go b/pkg/backend/webapi.go index a8844e8..568980d 100644 --- a/pkg/backend/webapi.go +++ b/pkg/backend/webapi.go @@ -5,31 +5,20 @@ import ( "log" "net/http" "os" + "strconv" "0xacab.org/leap/bitmask-vpn/pkg/bitmask" ) -func Adapt(h http.Handler, adapters ...Adapter) http.Handler { - for _, adapter := range adapters { - h = adapter(h) - } - return h -} - -type Adapter func(http.Handler) http.Handler - -func CheckAuth(token string) Adapter { - return func(h http.Handler) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - t := r.Header.Get("X-Auth-Token") - if t == token { - h.ServeHTTP(w, r) - } else { - w.WriteHeader(http.StatusUnauthorized) - w.Write([]byte("401 - Unauthorized")) - } - - }) +func CheckAuth(handler http.HandlerFunc, token string) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + t := r.Header.Get("X-Auth-Token") + if t == token { + handler(w, r) + } else { + w.WriteHeader(http.StatusUnauthorized) + w.Write([]byte("401 - Unauthorized")) + } } } @@ -44,7 +33,6 @@ func webOff(w http.ResponseWriter, r *http.Request) { } func webStatus(w http.ResponseWriter, r *http.Request) { - log.Println("Web UI: status") fmt.Fprintf(w, ctx.Status.String()) } @@ -54,12 +42,13 @@ func webQuit(w http.ResponseWriter, r *http.Request) { os.Exit(0) } -func enableWebAPI() { +func enableWebAPI(port int) { + log.Println("Starting WebAPI in port", port) bitmask.GenerateAuthToken() - auth := CheckAuth(bitmask.ReadAuthToken()) - http.Handle("/vpn/start", Adapt(http.HandlerFunc(webOn), auth)) - http.Handle("/vpn/stop", Adapt(http.HandlerFunc(webOff), auth)) - http.Handle("/vpn/status", Adapt(http.HandlerFunc(webStatus), auth)) - http.Handle("/vpn/quit", Adapt(http.HandlerFunc(webQuit), auth)) - http.ListenAndServe(":8080", nil) + token := bitmask.ReadAuthToken() + http.Handle("/vpn/start", CheckAuth(http.HandlerFunc(webOn), token)) + http.Handle("/vpn/stop", CheckAuth(http.HandlerFunc(webOff), token)) + http.Handle("/vpn/status", CheckAuth(http.HandlerFunc(webStatus), token)) + http.Handle("/vpn/quit", CheckAuth(http.HandlerFunc(webQuit), token)) + http.ListenAndServe(":"+strconv.Itoa(port), nil) } diff --git a/pkg/bitmask/auth.go b/pkg/bitmask/auth.go index 519eaf1..a87a2ea 100644 --- a/pkg/bitmask/auth.go +++ b/pkg/bitmask/auth.go @@ -5,6 +5,7 @@ import ( "log" "math/rand" "os" + "path/filepath" "runtime" "strings" "time" @@ -12,7 +13,7 @@ import ( /* functions for local authentication of control endpoints */ -const tokenPath = "/dev/shm/bitmask-token" +const bitmaskToken = "bitmask-token" func GenerateAuthToken() { if runtime.GOOS != "linux" { @@ -20,6 +21,7 @@ func GenerateAuthToken() { return } t := getRandomString() + tokenPath := filepath.Join(os.TempDir(), bitmaskToken) err := ioutil.WriteFile(tokenPath, []byte(t), os.FileMode(int(0600))) if err != nil { log.Println("Could not write authentication token.") @@ -31,6 +33,7 @@ func ReadAuthToken() string { log.Println("Authentication token only implemented in linux at the moment.") return "" } + tokenPath := filepath.Join(os.TempDir(), bitmaskToken) token, err := ioutil.ReadFile(tokenPath) if err != nil { log.Println("Error reading token:", err) |